The beta restful_authentication includes a helper method and partial
to do just that, right out of the box:
<% if logged_in? -%>
Logged in as <%=
link_to_current_user :content_method => :login %>
(<%= link_to “log out”, logout_path
%>)
<% else -%>
<%= link_to_login_with_IP ‘Not logged
in’, :style => ‘border: none;’ %>
<%= link_to “Log in”, login_path %> /
<%= link_to “Sign up”, signup_path, { :title => “Create
an
account” } %>
<% end -%>
You can put this in your app/views/layouts/application.html.erb layout
file
<%= render :partial => 'users/
hello_or_login' %>
with something like this in your stylesheet:
#top_bar { float:right; width:100%; background-
color: #eee; }
#hello_or_login { float:right; text-align:right; color:
#999; }
#hello_or_login div { float:left; clear:none; padding: 0.2em 0.5em;
border-left:1px solid #aaa }
There is also an “if_authorized?” helper method:
<%= if_authorized? :to => :edit, :on => @user do link_to(“Edit
#{@user.login}”, edit_user_path) end %>
To try out the newer version of restful_authentication, invoke:
git clone git://github.com/technoweenie/restful-authentication.git
restful_authentication
cd restful_authentication/
git checkout --track -b modular origin/modular
Cheers,
flip
(You asked about loggedin/not logged in view hiding, but since I
mentioned authorization filtering too I should mention: removing
something from view does NOT forbid it; only access control in your
controller module will do this. Going farther astray: Another
approach to view-filtering is the “Full Access With Errors” security
pattern: expose all things a visitor might reasonably have access to
by logging in/escalating, then ask for login when action is requested.
See p305ff in “Security Patterns”
http://www.amazon.com/gp/reader/0470858842/ref=sib_dp_pt
)
http://infochimps.org
Connected Open Free Data